The present invention relates to compilers, and more particularly, this invention relates to an anti-viral compiler which is capable of preventing buffer overflow virus attacks.
Buffer overflow by a virus is a typical way a virus is able to take over control of a program, routine, function, etc. This technique loads a string that is longer than a buffer, thereby allowing the virus to overwrite a particular targeted local variable buffer in a targeted function. One of the easiest overwrites is an unprotected string overwrite in a function that is not protected from such a call. Other types of buffer overwrites may also occur.
The overwrite is performed knowing that the function's return address is at a specific offset “after” the targeted memory buffer. The memory overwrite replaces the return address of the function and points it at the virus that is also included in the overwrite. In this way, when the function returns, instead of returning to its calling function, it returns to functions within the virus.
In one example, Function B has been called by Function A. When Function B returns, it uses the return address pointing at function A. A snippet of exemplary code is shown below which illustrates the above described functions and function calls:
Function B : VarLocal Vars : Var: Target String: Var: Var:Return Address : Function AThe virus forces the buffer overwrite, replacing the function's return address and points at its own code, as shown in the code snippet below:
Function B : VarLocal Vars : Var: Virus: Virus: Virus: VirusReturn Address : Function VVirusFunction VVirus functionVirus functionVirus function....
Accordingly, since it is not desirable to allow a virus to take control of or otherwise attack a function or process through buffer overflow, it would be desirable to have a compiler that is capable of preventing buffer overwrite attacks from occurring.